Facebook warns of recent wave of spam

Facebook said Wednesday that it has stopped most of the spam that has flooded many users' pages with pictures showing graphic sex and violence.

The social-networking company urged its 800 million-plus users to remain vigilant to keep their accounts from being hijacked.

That includes reporting suspicious links on friends' pages and not clicking on links that offer deals that are too good to be true.

Social-networking sites are popular targets for spammers because people are more likely to trust and share content that comes from people they know. This makes spam, scams and viruses easy to spread.

Still, Facebook says less than 4 percent of content shared on the site is spam. By comparison, about 74 percent of email is spam, according to security firm Symantec, though the bulk gets filtered out before reaching the inbox.

Over the past couple of days, many users have complained about finding links on their Facebook pages taking them to images depicting jarring violence and graphic pornography. Although the way the latest spam messages spread isn't new, their content is more shocking than the typical scam enticing users with a free iPod shuffle.

The latest attack tricked users into clicking on links by offering some sort of promise - free plane tickets, a fun new video or answers to a quiz, for example, said Vikram Thakur, principal security response manager at Symantec.

Clicking on the link took users to a page that asked them to copy and paste a line of malicious JavaScript programming code into the address bar of their Web browser.

"Pasting that little message will pick up a message or picture from whatever website the JavaScript is posting to," Thakur said, adding that it doesn't matter what type of browser people use.

The content is then posted on the users' Facebook page, usually without their knowledge. It spreads further when their friends then click on those links, thinking that it was posted by the user on purpose.

Facebook said no user data or accounts were compromised during the attack.

It urged users not to cut and paste unknown code into a browser's address bar. They should always use an up-to-date browser and report any suspicious content on the site.

While the site scans malicious links against security databases and blocks those known to lead to spam, it can't stop people from copying and pasting text manually into their Web browser.

That's where user vigilance comes in.

Thakur said users should be suspicious by the mere fact that someone is asking them to copy and paste something that Facebook is not permitting to be clickable directly.

Facebook said it built enforcement mechanisms to quickly shut down the malicious pages and accounts that attempt to exploit the vulnerability.

"Our team responded quickly and we have eliminated most of the spam caused by this attack," Facebook said in a statement. "We are now working to improve our systems to better defend against similar attacks in the future."

___

AP Writer David Rising in Berlin contributed to this story.

Copyright 2011 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.